Abstract

We prove an occurrence property about formal parameters of continuations in Continuation-Passing
Style (CPS) terms that have been automatically produced by CPS transformation of pure, call-by-value
$\lambda$-terms. Essentially, parameters of continuations obey a stack-like discipline.

This  property  was  introduced,  but  not  formally  proven,  in  an  earlier  work  on  the  Direct-Style 
transformation  (the  inverse  of  the  CPS  transformation).  The  proof  has  been  implemented  in  Elf, 
a  constraint  logic  programming  language  based  on  the  logical  framework  LF.  In  fact,  it  was  the 
implementation that inspired the proof. Thus this note also presents a case study of
machine-assisted proof discovery.

All  the  programs  are  available  in 

ftp.daimi.aau.dk:pub/danvy/Programs/danvy-pfenning-Elf93.tar.gz
ftp.cs.cmu.edu:user/fp/papers/cpsocc95.tar.gz
1 Introduction


Continuation-Passing Style (CPS) $\lambda$-terms encode both evaluation order and sequencing order [13].
For example, consider the Direct Style (DS) $\lambda$-term

$$\lambda x.\,f\,x\,(g\,x).$$

Evaluating it from left to right under call-by-value (CBV) amounts

1. to evaluate $f\,x$ — call the result $v_1$,

2. to evaluate $g\,x$ — call the result $v_2$, and

3. to apply $v_1$ to $v_2$ — call the result $v_3$.

CBV, left-to-right CPS transformation of this term yields

$$\lambda k.\,k\,(\lambda x.\lambda k.\,f\,x\,\lambda v_1.\,g\,x\,\lambda v_2.\,v_1\,v_2\,\lambda v_3.\,k\,v_3).$$

On the other hand, evaluating the DS $\lambda$-term above from right to left under CBV amounts

1. to evaluate $g\,x$ — call the result $v_2$,

2. to evaluate $f\,x$ — call the result $v_1$, and

3. to apply $v_1$ to $v_2$ — call the result $v_3$.

CBV, right-to-left CPS transformation of this $\lambda$-term yields

$$\lambda k.\,k\,(\lambda x.\lambda k.\,g\,x\,\lambda v_2.\,f\,x\,\lambda v_1.\,v_1\,v_2\,\lambda v_3.\,k\,v_3).$$

In  earlier  work,  the  first  author  developed  a  textual  inverse  of  the  CPS  transformation,  i.e., 
a  “direct-style  transformation”  [2].  To  this  end,  it  was  necessary  to  characterize  CPS  terms  that 
correspond  to  the  output  of  Plotkin’s  CPS  transformation,  after  administrative  reductions  [3,  16]. 
However  this  characterization  was  not  formally  proven.  The  goal  of  this  note  is  to  prove  it. 

The  proof  has  been  implemented  in  Elf  [10],  a  constraint  logic  programming  language  based 
on  the  logical  framework  LF  [5].  In  fact,  it  was  the  implementation  that  inspired  the  proof. 
LF turned out to be particularly suited for this problem, since two-level $\lambda$-terms and the CPS
transformation  can  be  encoded  very  naturally  by  using  meta-level  abstraction  and  application  to 
model  administrative  reductions.  This  note  thus  also  presents  an  excellent,  albeit  small,  case  study 
of  machine-assisted  proof  discovery. 

The rest of this note is organized as follows. Section 2 presents our starting point: the
left-to-right CBV CPS transformation. We formulate it both as a function and as a judgment. Section
3  describes  properties  of  CPS  terms  as  produced  by  this  CPS  transformation:  their  BNF  and  the 
ordering  of  formal  parameters  of  continuations.  In  Section  4,  we  prove  that  the  output  of  the  CPS 
transformation  satisfies  the  ordering.  Section  5  describes  the  implementation  of  the  proof  in  Elf. 
Following  a  comparison  with  related  work  in  Section  7,  Section  8  concludes. 
2 The CPS Transformation

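The BNF of the pure $\lambda$-calculus reads as follows. We refer to this $\lambda$-calculus as direct style (DS) to
distinguish it from the continuation-passing style (CPS) calculus introduced later.

$$
\begin{array}{llrcl}
r \in \mathrm{DRoot} & \text{DS terms} & r & ::= & e \\
e \in \mathrm{DExp} & \text{DS expressions} & e & ::= & e_0\,e_1 \mid t \\
t \in \mathrm{DTriv} & \text{DS trivial expressions} & t & ::= & x \mid \lambda x.r \\
x \in \mathrm{Ide} & \text{identifiers} & & &
\end{array}
$$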

Figure 1 displays a one-pass CPS transformer for the pure call-by-value $\lambda$-calculus. This transformer
is an optimized version of Plotkin’s CPS transformer [13], derived in an earlier work [3]; it is slightly
rephrased to match the syntactic domains.

These equations can be read as a two-level specification à la Nielson and Nielson [8]. Operationally,

• for any variable $x$ and any expressions $e$, $e_0$, and $e_1$, $[x]e$ and $e_0(e_1)$ respectively correspond to
functional abstractions and applications in the translation program (and define the so-called
“administrative reductions”), and

• for any variable $x$ and any expressions $e$, $e_0$, and $e_1$, $\lambda x.e$ and $e_0\,e_1$ respectively represent
abstract-syntax constructors (to build the residual program).

Note that the types of the translations and continuations are meta-level types: The object calculus
is untyped. We revisit these types in Section 5.2.

The CPS transformation can be reformulated with three judgments. A DS term $r$ is transformed
into a CPS term $r'$ whenever the judgment

$$\vdash^{\mathrm{DRoot}} r \to r'$$

is satisfied. Given a continuation $\kappa$, a DS expression $e$ is transformed into a CPS expression $e'$
whenever the judgment

$$\vdash^{\mathrm{DExp}} e \,;\, \kappa \to e'$$

is satisfied. Finally, a DS trivial expression $t$ is transformed into a CPS trivial expression $t'$ whenever
the judgment

$$\vdash^{\mathrm{DTriv}} t \to t'$$

is satisfied. The overall transformation is displayed in Figure 2.

NB: In the inference rule for applications, $t_0$ is “new”, i.e., the deduction of the left premise
is parametric in $t_0$. This means that we can substitute an arbitrary trivial term $t$ for $t_0$ in this
derivation and obtain a derivation of $\vdash^{\mathrm{DExp}} e_1 \,;\, [t_1]\,t\,t_1\,\lambda v.\kappa(v) \to e_1'(t)$. This property is exploited
crucially in the proof of Section 4.
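$$
\begin{array}{rcl}
\mathcal{C}^{\mathrm{DRoot}} & : & \mathrm{DRoot} \to \mathrm{CRoot} \\
\mathcal{C}^{\mathrm{DRoot}}[\![e]\!] & = & \lambda k.\,\mathcal{C}^{\mathrm{DExp}}[\![e]\!]\,([t]\,k\,t) \\[1ex]
\mathcal{C}^{\mathrm{DExp}} & : & \mathrm{DExp} \to [\mathrm{CTriv} \to \mathrm{CExp}] \to \mathrm{CExp} \\
\mathcal{C}^{\mathrm{DExp}}[\![e_0\,e_1]\!]\,\kappa & = & \mathcal{C}^{\mathrm{DExp}}[\![e_0]\!]\,([t_0]\,\mathcal{C}^{\mathrm{DExp}}[\![e_1]\!]\,([t_1]\,t_0\,t_1\,\lambda v.\kappa(v))) \\
\mathcal{C}^{\mathrm{DExp}}[\![t]\!]\,\kappa & = & \kappa(\mathcal{C}^{\mathrm{DTriv}}[\![t]\!]) \\[1ex]
\mathcal{C}^{\mathrm{DTriv}} & : & \mathrm{DTriv} \to \mathrm{CTriv} \\
\mathcal{C}^{\mathrm{DTriv}}[\![x]\!] & = & x \\
\mathcal{C}^{\mathrm{DTriv}}[\![\lambda x.r]\!] & = & \lambda x.\,\mathcal{C}^{\mathrm{DRoot}}[\![r]\!]
\end{array}
$$

where $k$ and the $v$’s are fresh variables.

Figure 1: The left-to-right, call-by-value CPS transformation formulated as a function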

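$$
\dfrac{\vdash^{\mathrm{DExp}} e \,;\, [t]\,k\,t \to e'}
      {\vdash^{\mathrm{DRoot}} e \to \lambda k.e'}
$$

$$
\dfrac{\vdash^{\mathrm{DExp}} e_1 \,;\, [t_1]\,t_0\,t_1\,\lambda v.\kappa(v) \to e_1'(t_0)
       \qquad
       \vdash^{\mathrm{DExp}} e_0 \,;\, [t_0]\,e_1'(t_0) \to e'}
      {\vdash^{\mathrm{DExp}} e_0\,e_1 \,;\, \kappa \to e'}
\qquad
\dfrac{\vdash^{\mathrm{DTriv}} t \to t'}
      {\vdash^{\mathrm{DExp}} t \,;\, \kappa \to \kappa(t')}
$$

$$
\dfrac{}{\vdash^{\mathrm{DTriv}} x \to x}
\qquad
\dfrac{\vdash^{\mathrm{DRoot}} r \to r'}
      {\vdash^{\mathrm{DTriv}} \lambda x.r \to \lambda x.r'}
$$

Figure 2: The left-to-right, call-by-value CPS transformation formulated as a judgment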
3 CPS Terms


We  first  specify  the  BNF  of  CPS  terms  as  produced  by  the  CPS  transformation  of  Figures  1  and  2, 
and  then  we  specify  the  occurrence  conditions  over  the  continuations  and  their  formal  parameters. 
Both  specifications  come  from  the  earlier  work  on  the  DS  transformation  [2]. 


3.1  BNF  of  CPS  terms 


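The BNF of CPS terms reads as follows. (NB: We distinguish between the original identifiers $x$
coming from the DS term, and the fresh identifiers $v$ and $k$ introduced by $\mathcal{C}$.)

$$
\begin{array}{llrcl}
r \in \mathrm{CRoot} & \text{CPS terms} & r & ::= & \lambda k.e \\
e \in \mathrm{CExp} & \text{CPS (serious) expressions} & e & ::= & t_0\,t_1\,\lambda v.e \mid k\,t \\
t \in \mathrm{CTriv} & \text{CPS trivial expressions} & t & ::= & x \mid \lambda x.r \mid v \\
x \in \mathrm{Ide} & \text{source identifiers} & & & \\
v \in \mathrm{Var} & \text{fresh parameters of continuations} & & & \\
k \in \mathrm{Cont} & \text{fresh variables denoting continuations} & & &
\end{array}
$$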


3.2  Occurrences  of  continuation  parameters 

The occurrence condition over continuation parameters is simple: there is only one continuation
at any point of a CPS term. This is captured in Figure 3 and proven in Appendix A.

CPS terms that do not satisfy the occurrence conditions over continuation parameters correspond
to DS terms that use a control operator such as call/cc. This point is investigated elsewhere [4, 6].


3.3  Occurrences  of  formal  parameters  of  continuations 

The occurrence conditions over the formal parameters of continuations are reproduced in Figure 4.
This figure should be read as follows. Given a CPS expression $e$ occurring in the scope of formal
parameters of continuations listed in the order of their declaration in a list $\xi$, the judgment

$$\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} e$$

is satisfied whenever the variables listed in $\xi$ and all the other formal parameters of continuations
declared in $e$ occur in a left-to-right fashion in $e$. (NB: $\bullet$ denotes the empty list.)

Similarly, given a trivial term $t$ occurring in the scope of formal parameters of continuations
listed in the order of declaration in $\xi$, the judgment

$$\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t \,;\, \xi'$$

is satisfied whenever $\xi'$ is a prefix of $\xi$ and the remaining variables of $\xi$ occur in $t$ in a left-to-right
fashion.

Our goal here is to prove that transforming a DS term $r$ with $\mathcal{C}$ (in Figures 1 and 2) yields a
CPS term that satisfies the judgment

$$\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} \mathcal{C}[\![r]\!].$$
[Figure 3: the inference rules of this figure are not recoverable from the source.]

Figure 3: Occurrences of continuation parameters in a CPS term

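$$
\dfrac{\bullet \vdash^{\mathrm{CExp}}_{\mathrm{Var}} e}
      {\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} \lambda k.e}
$$

$$
\dfrac{\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t_1 \,;\, \xi_1
       \qquad
       \xi_1 \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t_0 \,;\, \xi_0
       \qquad
       \xi_0, v \vdash^{\mathrm{CExp}}_{\mathrm{Var}} e}
      {\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} t_0\,t_1\,\lambda v.e}
\qquad
\dfrac{\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t \,;\, \bullet}
      {\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} k\,t}
$$

$$
\dfrac{}{\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} x \,;\, \xi}
\qquad
\dfrac{\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} r}
      {\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} \lambda x.r \,;\, \xi}
\qquad
\dfrac{}{\xi, v \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} v \,;\, \xi}
$$

Figure 4: Ordering over formal parameters of continuations in a CPS term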
NB: There is nothing wrong with CPS terms that do not satisfy the judgments of Figure 4.
Simply, they specify another evaluation order or another sequencing order than the one captured
in the CPS transformation of Figures 1 and 2. Therefore, they cannot be mapped back to direct
style naively [2, 7].

4  The  Proof 

Globally, we are interested in proving that if $\vdash^{\mathrm{DRoot}} r \to r'$ then $\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} r'$. Clearly, we cannot
prove this inductively by itself since properties at the root of a term are defined in terms of the
expressions it contains. The critical issue is the property of continuations we must prove (in the
inductive conclusion) and require (in the inductive hypothesis) for the translation of expressions
under a continuation. A continuation is a (meta-level) function from trivial terms to expressions,
which suggests the method of logical relations [17]. The idea behind binary logical relations is to
consider two functions related if they map related arguments to related results. In unary form: A
function is valid if it maps valid arguments to valid results. This kind of definition is pervasive
in the application of logical frameworks to meta-theoretic reasoning (e.g., [9]). It works smoothly
here.

Four notions of validity arise: for root terms, for trivial expressions, for serious expressions, and
for continuations. In their definitions, we must account for the context $\xi$ in which an expression
might occur. For root terms, serious expressions, and trivial expressions, the notion of validity
is derived directly from the property we are trying to prove; for continuations it arises from the
considerations of logical relations as motivated above. We also streamline the definitions by
considering separately the case of a trivial variable $v$, since such a variable is never the result of the
translation of a trivial DS term (see Theorem 1 (3)).

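Definition 1

(1) $r'$ is valid if $\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} r'$.

(2) $e'$ is $\xi$-valid if $\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} e'$.

(3) $t'$ is valid if $\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t' \,;\, \xi$ for every $\xi$.

(4) $\kappa$ is $\xi$-valid if

(a) $\xi, v \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa(v)$, and

(b) $\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa(t')$ for any valid $t'$.

This definition is more complex than it may appear at first, since it involves meta-level
applications $\kappa(v)$ and $\kappa(t')$ and therefore, implicitly, substitution.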

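Theorem 1

(1) If $\vdash^{\mathrm{DRoot}} r \to r'$ then $r'$ is valid.

(2) If $\kappa$ is $\xi$-valid and $\vdash^{\mathrm{DExp}} e \,;\, \kappa \to e'$ then $e'$ is $\xi$-valid.

(3) If $\vdash^{\mathrm{DTriv}} t \to t'$ then $t'$ is valid.

Proof: By mutual induction on the derivations $\mathcal{R}$, $\mathcal{E}$, and $\mathcal{T}$ of $\vdash^{\mathrm{DRoot}} r \to r'$,
$\vdash^{\mathrm{DExp}} e \,;\, \kappa \to e'$, and $\vdash^{\mathrm{DTriv}} t \to t'$, respectively.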


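Case $\mathcal{R} = \dfrac{\begin{array}{c}\mathcal{E}\\ \vdash^{\mathrm{DExp}} e \,;\, [t]\,k\,t \to e'\end{array}}{\vdash^{\mathrm{DRoot}} e \to \lambda k.e'}$.

Then $\kappa = [t]\,k\,t$ is $\bullet$-valid:

(a) $\dfrac{\bullet, v \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} v \,;\, \bullet}{\bullet, v \vdash^{\mathrm{CExp}}_{\mathrm{Var}} k\,v}$ holds, and

(b) $\dfrac{\bullet \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t' \,;\, \bullet}{\bullet \vdash^{\mathrm{CExp}}_{\mathrm{Var}} k\,t'}$ for any valid $t'$.

Hence, by induction hypothesis (2) on $\mathcal{E}$, $\bullet \vdash^{\mathrm{CExp}}_{\mathrm{Var}} e'$, and thus $\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} \lambda k.e'$.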


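Case $\mathcal{E} = \dfrac{\begin{array}{c}\mathcal{E}_1(t_0)\\ \vdash^{\mathrm{DExp}} e_1 \,;\, [t_1]\,t_0\,t_1\,\lambda v.\kappa(v) \to e_1'(t_0)\end{array} \qquad \begin{array}{c}\mathcal{E}_0\\ \vdash^{\mathrm{DExp}} e_0 \,;\, [t_0]\,e_1'(t_0) \to e'\end{array}}{\vdash^{\mathrm{DExp}} e_0\,e_1 \,;\, \kappa \to e'}$.

Assume $\kappa$ is $\xi$-valid. We need to show that $\kappa_0 = [t_0]\,e_1'(t_0)$ is $\xi$-valid, since then $\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} e'$ by
induction hypothesis (2) on $\mathcal{E}_0$. Thus we need to show properties (a) and (b) for $\kappa_0$.

(a) We need $\xi, v_0 \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa_0(v_0)$. Consider the derivation $\mathcal{E}_1(v_0)$ of
$\vdash^{\mathrm{DExp}} e_1 \,;\, [t_1]\,v_0\,t_1\,\lambda v.\kappa(v) \to e_1'(v_0)$. We would like to show that

$$\kappa_1 = [t_1]\,v_0\,t_1\,\lambda v.\kappa(v)$$

is $(\xi, v_0)$-valid, since then $e_1'(v_0) = \kappa_0(v_0)$ is $(\xi, v_0)$-valid by induction hypothesis (2) on
$\mathcal{E}_1(v_0)$. Therefore we need to consider the two cases of Definition 1(4).

(a) $\xi, v_0, v_1 \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa_1(v_1)$. We derive this as follows:

$$
\dfrac{\xi, v_0, v_1 \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} v_1 \,;\, \xi, v_0
       \qquad
       \xi, v_0 \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} v_0 \,;\, \xi
       \qquad
       \overset{\text{since } \kappa \text{ is } \xi\text{-valid}}{\xi, v \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa(v)}}
      {\xi, v_0, v_1 \vdash^{\mathrm{CExp}}_{\mathrm{Var}} v_0\,v_1\,\lambda v.\kappa(v)}
$$

(b) $\xi, v_0 \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa_1(t_1')$ where $t_1'$ is valid. This is established by the derivation

$$
\dfrac{\overset{\text{since } t_1' \text{ is valid}}{\xi, v_0 \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t_1' \,;\, \xi, v_0}
       \qquad
       \xi, v_0 \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} v_0 \,;\, \xi
       \qquad
       \overset{\text{since } \kappa \text{ is } \xi\text{-valid}}{\xi, v \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa(v)}}
      {\xi, v_0 \vdash^{\mathrm{CExp}}_{\mathrm{Var}} v_0\,t_1'\,\lambda v.\kappa(v)}
$$

Thus $\kappa_1$ is $(\xi, v_0)$-valid. Therefore, by induction hypothesis on $\mathcal{E}_1(v_0)$,

$$\xi, v_0 \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa_0(v_0).$$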
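(b) We need $\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa_0(t_0')$ for any valid $t_0'$. Consider the derivation $\mathcal{E}_1(t_0')$ of

$$\vdash^{\mathrm{DExp}} e_1 \,;\, [t_1]\,t_0'\,t_1\,\lambda v.\kappa(v) \to e_1'(t_0') = \kappa_0(t_0').$$

We would like to show that

$$\kappa_1 = [t_1]\,t_0'\,t_1\,\lambda v.\kappa(v)$$

is $\xi$-valid, so we can apply the induction hypothesis to $\mathcal{E}_1(t_0')$. Again, we need to consider
the two clauses of Definition 1(4).

(a) $\xi, v_1 \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa_1(v_1)$. We derive this as follows:

$$
\dfrac{\xi, v_1 \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} v_1 \,;\, \xi
       \qquad
       \overset{\text{since } t_0' \text{ is valid}}{\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t_0' \,;\, \xi}
       \qquad
       \overset{\text{since } \kappa \text{ is } \xi\text{-valid}}{\xi, v \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa(v)}}
      {\xi, v_1 \vdash^{\mathrm{CExp}}_{\mathrm{Var}} t_0'\,v_1\,\lambda v.\kappa(v)}
$$

(b) $\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa_1(t_1')$ for any valid $t_1'$. We construct:

$$
\dfrac{\overset{\text{since } t_1' \text{ is valid}}{\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t_1' \,;\, \xi}
       \qquad
       \overset{\text{since } t_0' \text{ is valid}}{\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} t_0' \,;\, \xi}
       \qquad
       \overset{\text{since } \kappa \text{ is } \xi\text{-valid}}{\xi, v \vdash^{\mathrm{CExp}}_{\mathrm{Var}} \kappa(v)}}
      {\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} t_0'\,t_1'\,\lambda v.\kappa(v)}
$$

Hence $\kappa_1$ is $\xi$-valid and thus $\xi \vdash^{\mathrm{CExp}}_{\mathrm{Var}} e_1'(t_0') = \kappa_0(t_0')$ by induction hypothesis (2) on $\mathcal{E}_1(t_0')$.

Thus $\kappa_0$ is $\xi$-valid. Hence $e'$ is $\xi$-valid by induction hypothesis (2) on $\mathcal{E}_0$.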

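Case $\mathcal{E} = \dfrac{\begin{array}{c}\mathcal{T}\\ \vdash^{\mathrm{DTriv}} t \to t'\end{array}}{\vdash^{\mathrm{DExp}} t \,;\, \kappa \to \kappa(t')}$.

By induction hypothesis (3) on $\mathcal{T}$, $t'$ is valid. Since we assume that $\kappa$ is $\xi$-valid, $\kappa(t')$ is also
$\xi$-valid by clause (b) in Definition 1.

Case $\mathcal{T} = \dfrac{}{\vdash^{\mathrm{DTriv}} x \to x}$. Then $\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} x \,;\, \xi$ is an axiom for any $\xi$.

Case $\mathcal{T} = \dfrac{\begin{array}{c}\mathcal{R}\\ \vdash^{\mathrm{DRoot}} r \to r'\end{array}}{\vdash^{\mathrm{DTriv}} \lambda x.r \to \lambda x.r'}$. Then we construct

$$
\dfrac{\overset{\text{by i.h. (1) on } \mathcal{R}}{\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} r'}}
      {\xi \vdash^{\mathrm{CTriv}}_{\mathrm{Var}} \lambda x.r' \,;\, \xi}
$$

$\Box$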


5  Implementation  in  Elf 

In this section we show the implementations of the DS and CPS terms, CPS transformation,
ordering, and the proof that the results of the CPS transformation are valid. Familiarity with the
LF logical framework [5], its methodology, and its implementation in Elf [10] is assumed. Some
implementation-specific details will be mentioned in the commentary.
5.1 Direct-style terms

Recall the informal definition of direct-style (DS) terms in BNF form.

$$
\begin{array}{lrcl}
\text{DS (Root) Terms} & r & ::= & e \\
\text{DS (Serious) Expressions} & e & ::= & e_0\,e_1 \mid t \\
\text{DS Trivial Expressions} & t & ::= & x \mid \lambda x.r
\end{array}
$$

We only remark that the representation uses higher-order abstract syntax [11] to represent
object-level abstractions, and that the natural inclusions (e.g., every trivial expression is an expression)
are modeled by explicit coercions (e.g., dtriv_dexp).

droot : type.  %name droot R
dexp  : type.  %name dexp E
dtriv : type.  %name dtriv T

dexp_droot : dexp -> droot.
dapp       : dexp -> dexp -> dexp.
dtriv_dexp : dtriv -> dexp.
dlam       : (dtriv -> droot) -> dtriv.

Note that dlam abstracts over an argument of type dtriv, thus encoding the fact that variables
$x$ are trivial expressions. The %name declarations indicate preferred variable names for syntactic
classes, in case the Elf interpreter has to synthesize names (which is a frequent occurrence during
type reconstruction).

5.2  CPS  terms 

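Recall the definition of continuation-passing style (CPS) terms in BNF form.

$$
\begin{array}{lrcl}
\text{CPS (Root) Terms} & r & ::= & \lambda k.e \\
\text{CPS (Serious) Expressions} & e & ::= & t_0\,t_1\,\lambda v.e \mid k\,t \\
\text{CPS Trivial Expressions} & t & ::= & x \mid \lambda x.r \mid v
\end{array}
$$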

CPS terms are modelled using the same principles as DS terms, but they introduce a new
consideration. The two-level CPS transformation from Section 2 shows that a continuation is best
considered as a meta-level function which, when applied to a trivial term, yields an expression. It
therefore has type ctriv -> cexp. An abstraction over a continuation (as is necessary for a root
term $\lambda k.e$) thus is a third-order construct! This is rare and indicates that we are exploiting the
expressive power of the meta-language to a great extent.

croot : type.  %name croot R
cexp  : type.  %name cexp E
ctriv : type.  %name ctriv T
% ccont : type = ctriv -> cexp.  %name ccont K

rlam : ((ctriv -> cexp) -> cexp) -> croot.
capp : ctriv -> ctriv -> (ctriv -> cexp) -> cexp.
clam : (ctriv -> croot) -> ctriv.

Note that Elf currently does not support definitions, so we must write the expanded version of
the continuation type ccont by hand. It is inserted in the source only as a comment.
5.3 The CPS transformation

The judgments in Figure 2 can be easily transcribed into Elf. Just like the inference rules
themselves, the corresponding declarations below should be understood schematically: the free variables
are implicitly quantified. Elf’s type reconstruction determines the most general type for the free
variables in each declaration.

Instead of d : A -> (B -> C) we often use the form d : C <- B <- A to emphasize the
operational interpretation of the declarations as a logic program (to solve C first solve B then A). In
this case, the logic program transforms DS terms to CPS terms. The %mode pragmas establish
the role of input (+) and output (-) arguments to a predicate. They are checked for consistency,
thus providing operational correctness guarantees beyond type correctness. The %lex annotation
postulates a termination ordering on the given arguments and modes which is checked by Elf. In
this case we simply use the subterm ordering on the first argument of the three mutually recursive
judgments.

cst_r : droot -> croot -> type.                    %name cst_r CR
cst_e : dexp -> (ctriv -> cexp) -> cexp -> type.   %name cst_e CE
cst_t : dtriv -> ctriv -> type.                    %name cst_t CT
%mode -cst_r +R -R'
%mode -cst_e +E +K -E'
%mode -cst_t +T -T'
%lex {R E T}

cst_r_dexp : cst_r (dexp_droot E) (rlam E')
   <- ({k:ctriv -> cexp} cst_e E k (E' k)).

cst_e_dapp :
   cst_e (dapp E0 E1) K E'
   <- ({t0:ctriv} cst_e E1 ([t1:ctriv] capp t0 t1 K) (E1' t0))
   <- cst_e E0 ([t0:ctriv] E1' t0) E'.

cst_e_dtriv : cst_e (dtriv_dexp T) K (K T')
   <- cst_t T T'.

cst_t_dlam : cst_t (dlam R) (clam R')
   <- ({x:dtriv} {x':ctriv} cst_t x x' -> cst_r (R x) (R' x')).

The left premise of the rule for applications $e_0\,e_1$ is required to be parametric in $t_0$. This is
represented by a dependently typed function from $t_0$ to a derivation of

$$\vdash^{\mathrm{DExp}} e_1 \,;\, [t_1]\,t_0\,t_1\,\lambda v.\kappa(v) \to e_1'(t_0).$$

In Elf’s concrete syntax this type is written as

{t0:ctriv} cst_e E1 ([t1:ctriv] capp t0 t1 K) (E1' t0)

Note that we have silently $\eta$-reduced $\lambda v.\kappa(v)$ and simply written K. This is a matter of style and
efficiency, but not essential, since the definitional equality of the Elf meta-language is $\beta\eta$-conversion.
5.4 Ordering over parameters of continuations

In order to describe the ordering over parameters of continuations, we require a notion of stack
which is easily defined. The %infix declaration makes , a left-associative infix operator with an
(arbitrary) binding strength of 10.

stack : type.  %name stack Xi
dot : stack.
, : stack -> ctriv -> stack.  %infix left 10 ,

The  three  mutually  recursive  judgments  regarding  variable  ordering  are  easily  translated  into 
Elf.  Note  that  the  cases  concerning  variables  x,  v  and  k  must  be  given  wherever  such  variables 
are  introduced,  rather  than  globally.  This  is  a  consequence  of  the  representation  technique  of 
higher-order  abstract  syntax. 

ord_r : croot -> type.                    %name ord_r OR
ord_e : stack -> cexp -> type.            %name ord_e OE
ord_t : stack -> ctriv -> stack -> type.  %name ord_t OT
%mode -ord_r +R
%mode -ord_e +Xi +E
%mode -ord_t +Xi' +T -Xi''
%lex {R E T}

ord_r_rlam : ord_r (rlam E)
   <- ({k:ctriv -> cexp}
         ({Xi:stack} {T:ctriv}
            ord_e Xi (k T) <- ord_t Xi T dot)
         -> ord_e dot (E k)).

ord_e_capp : ord_e Xi (capp T0 T1 E)
   <- ord_t Xi T1 Xi1
   <- ord_t Xi1 T0 Xi0
   <- ({v:ctriv}
         ({Xi':stack} ord_t (Xi' , v) v Xi')
         -> ord_e (Xi0 , v) (E v)).

ord_t_clam : ({Xi:stack} ord_t Xi (clam R) Xi)
   <- ({x:ctriv}
         ({Xi':stack} ord_t Xi' x Xi')
         -> ord_r (R x)).

5.5  The  proof 

The informal proof in Section 4 that continuation parameters obey a stack-like discipline can be
translated into Elf using the technique of higher-level judgments (see, for example, [12]). Our
(constructive) proof may be seen as containing an algorithm for computing a derivation $\mathcal{R}'$ of
$\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} r'$ from a derivation $\mathcal{R}$ of $\vdash^{\mathrm{DRoot}} r \to r'$. In Elf, this algorithm is implemented as a logic
program for transforming $\mathcal{R}$ into $\mathcal{R}'$; declaratively it is a higher-level judgment relating derivations
$\mathcal{R}$ and $\mathcal{R}'$. Properties of these higher-level judgments such as termination can then be established
automatically.
In order to match the definition of the CPS transformation closely, our formalization does not
use explicit definitions of validity except for continuations $\kappa$, which would otherwise be unwieldy.

valid_k : stack -> (ctriv -> cexp) -> type.
%mode -valid_k +Xi +K
%lex K

vld_k : valid_k Xi K
   <- ({v:ctriv}
         ({Xi':stack} ord_t (Xi' , v) v Xi')
         -> ord_e (Xi , v) (K v))
   <- ({t':ctriv}
         ({Xi:stack} ord_t Xi t' Xi)
         -> ord_e Xi (K t')).

The  proof  is  implemented  by  three  mutually  recursive  higher-level  judgments  for  root  terms, 
expressions,  and  trivial  expressions.  Each  clause  corresponds  to  one  case  of  the  informal  proof. 
Each  appeal  to  an  induction  hypothesis  appears  as  a  recursive  call. 

proof_r : cst_r R R' -> ord_r R' -> type.
proof_e : cst_e E K E' -> valid_k Xi K -> ord_e Xi E' -> type.
proof_t : cst_t T T' -> ({Xi:stack} ord_t Xi T' Xi) -> type.
%mode -proof_r +CR -OR
%mode -proof_e +CE +VK -OE
%mode -proof_t +CT -OT
%lex {CR CE CT}

pf_r : proof_r (cst_r_dexp CE) (ord_r_rlam OE)
   <- ({k:ctriv -> cexp}
       {ok : {Xi:stack} {T:ctriv} ord_e Xi (k T) <- ord_t Xi T dot}
         proof_e (CE k)
            (vld_k
               ([t':ctriv] [CT:{Xi:stack} ord_t Xi t' Xi]
                  ok dot t' (CT dot))
               ([v:ctriv] [CT:{Xi':stack} ord_t (Xi' , v) v Xi']
                  ok (dot , v) v (CT dot)))
            (OE k ok)).

pf_e_dapp : proof_e (cst_e_dapp CE0 CE1) (vld_k _ OE) OE'
   <- ({v0:ctriv} {OT0:{Xi':stack} ord_t (Xi' , v0) v0 Xi'}
         proof_e (CE1 v0)
            (vld_k
               ([t1:ctriv] [OT1:{Xi':stack} ord_t Xi' t1 Xi']
                  ord_e_capp OE (OT0 Xi) (OT1 (Xi , v0)))
               ([v1:ctriv] [OT1:{Xi':stack} ord_t (Xi' , v1) v1 Xi']
                  ord_e_capp OE (OT0 Xi) (OT1 (Xi , v0))))
            (VE1'V v0 OT0))
   <- ({t0:ctriv} {OT0:{Xi':stack} ord_t Xi' t0 Xi'}
         proof_e (CE1 t0)
            (vld_k
               ([t1:ctriv] [OT1:{Xi':stack} ord_t Xi' t1 Xi']
                  ord_e_capp OE (OT0 Xi) (OT1 Xi))
               ([v1:ctriv] [OT1:{Xi':stack} ord_t (Xi' , v1) v1 Xi']
                  ord_e_capp OE (OT0 Xi) (OT1 Xi)))
            (VE1'T t0 OT0))
   <- proof_e CE0 (vld_k VE1'T VE1'V) OE'.

pf_e_dtriv : proof_e (cst_e_dtriv CT) (vld_k OE _) (OE T' OT)
   <- proof_t CT OT.

pf_t_dlam : proof_t (cst_t_dlam CR) (ord_t_clam OR)
   <- ({x:dtriv} {x':ctriv}
       {CT:cst_t x x'}
       {OT:{Xi':stack} ord_t Xi' x' Xi'}
         proof_t CT OT
         -> proof_r (CR x x' CT) (OR x' OT)).

From  the  implementation  above  it  is  actually  quite  easy  (with  a  little  experience)  to  reconstruct 
the  informal  proof. 

The  proof  of  the  property  of  occurrences  of  continuations  k  themselves  (see  Figure  3)  can  also 
easily  be  represented  in  the  same  style.  It  can  be  found  in  Appendix  A. 
5.6 An example

We now reconsider the direct-style term from Section 1.

$$\lambda x.\,f\,x\,(g\,x)$$

Under appropriate declarations for f and g as variables, this term is represented in Elf by

(dexp_droot
   (dtriv_dexp
      (dlam [x:dtriv]
         dexp_droot (dapp (dapp (dtriv_dexp f) (dtriv_dexp x))
                          (dapp (dtriv_dexp g) (dtriv_dexp x))))))
   : droot.


It is rather lengthy due to the coercions, but we could easily write a judgment to insert appropriate
coercions into pure $\lambda$-terms. In order to translate this we may pose the following query.

CR :
cst_r (dexp_droot
         (dtriv_dexp
            (dlam [x:dtriv]
               dexp_droot (dapp (dapp (dtriv_dexp f) (dtriv_dexp x))
                                (dapp (dtriv_dexp g) (dtriv_dexp x))))))
      R.

which yields the CPS term R (eliding the derivation CR)

R =
   rlam [k:ctriv -> cexp]
      k (clam [x':ctriv] rlam [k1:ctriv -> cexp]
           capp f' x' ([t01:ctriv] capp g' x' ([t1:ctriv] capp t01 t1 k1))),
CR = ...
Modulo variable names, this corresponds to

$$\lambda k.\,k\,(\lambda x.\lambda k.\,f\,x\,\lambda v_1.\,g\,x\,\lambda v_2.\,v_1\,v_2\,\lambda v_3.\,k\,v_3).$$

The omitted term CR represents the derivation of the judgment

$$\vdash^{\mathrm{DRoot}} \lambda x.\,f\,x\,(g\,x) \to \lambda k.\,k\,(\lambda x.\lambda k.\,f\,x\,\lambda v_1.\,g\,x\,\lambda v_2.\,v_1\,v_2\,\lambda v_3.\,k\,v_3)$$

which was constructed by the Elf interpreter in answer to the first query. We can apply the
implementation of the meta-theory to translate CR into a derivation showing that the conditions on
occurrences of continuation parameters are satisfied in this example, that is, into a derivation of

$$\vdash^{\mathrm{CRoot}}_{\mathrm{Var}} \lambda k.\,k\,(\lambda x.\lambda k.\,f\,x\,\lambda v_1.\,g\,x\,\lambda v_2.\,v_1\,v_2\,\lambda v_3.\,k\,v_3).$$

The query is the following. The first argument to proof_r is the derivation CR elided above.

proof_r
   (cst_r_dexp [k:ctriv -> cexp]
       cst_e_dtriv
          (cst_t_dlam [x:dtriv] [x'1:ctriv] [CT:cst_t x x'1]
              cst_r_dexp [k1:ctriv -> cexp]
                 cst_e_dapp
                    (cst_e_dapp (cst_e_dtriv cst_f) ([t0:ctriv] cst_e_dtriv CT))
                    ([t0:ctriv]
                        cst_e_dapp (cst_e_dtriv cst_g) ([t01:ctriv] cst_e_dtriv CT))))
   OR.


We  know  that  a  query  of  this  form  will  always  succeed.  In  this  case  it  produces  the  substitution 
OR =
   ord_r_rlam [k:ctriv -> cexp]
      [ok:{Xi:stack} {T:ctriv} ord_t Xi T dot -> ord_e Xi (k T)]
      ok dot
         (clam [x':ctriv] rlam [k1:ctriv -> cexp]
             capp f' x' ([t0:ctriv] capp g' x' ([t1:ctriv] capp t0 t1 k1)))
         (ord_t_clam
             ([x'1:ctriv] [OT:{Xi':stack} ord_t Xi' x'1 Xi']
                 ord_r_rlam [k1:ctriv -> cexp]
                    [ok1:{Xi:stack} {T:ctriv} ord_t Xi T dot -> ord_e Xi (k1 T)]
                    ord_e_capp
                       ([v0:ctriv] [OT01:{Xi':stack} ord_t (Xi' , v0) v0 Xi']
                           ord_e_capp
                              ([v1:ctriv] [OT1:{Xi':stack} ord_t (Xi' , v1) v1 Xi']
                                  ord_e_capp
                                     ([v:ctriv]
                                         [CT:{Xi':stack} ord_t (Xi' , v) v Xi']
                                         ok1 (dot , v) v (CT dot))
                                     (OT01 dot) (OT1 (dot , v0)))
                              (ord_t_g (dot , v0)) (OT (dot , v0)))
                       (ord_t_f dot) (OT dot))
             dot).


which  shows  that  the  CPS  term  above  satisfies  the  ordering  criterion. 
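The transformation of Figure 1 and the ordering judgments of Figure 4, run on this section's term, as an added Python example that is not part of the paper or its Elf sources. The tuple encoding of terms, the function names and the generated variable names (k1, v3, ...) are assumptions of this example; the check covers the ordering of Figure 4 only, not the continuation condition of Figure 3.

```python
"""One-pass CBV CPS transformation (Figure 1) and the stack-discipline check
(Figure 4) on tuple-encoded terms.  Added illustration, not the paper's code."""
import itertools

# DS terms:   ("var", x) | ("lam", x, r) | ("app", e0, e1)
# CPS terms (BNF of Section 3.1):
#   root  r ::= ("rlam", k, e)                 lambda k. e
#   exp   e ::= ("capp", t0, t1, v, e)         t0 t1 (lambda v. e)
#             | ("ret", k, t)                  k t
#   triv  t ::= ("x", x) | ("clam", x, r) | ("v", v)


def cps_root(r, fresh=None):
    """C^DRoot: wrap the translation of r in a fresh continuation variable k."""
    fresh = itertools.count(1) if fresh is None else fresh
    k = f"k{next(fresh)}"
    return ("rlam", k, cps_exp(r, lambda t: ("ret", k, t), fresh))


def cps_exp(e, kappa, fresh):
    """C^DExp: kappa is a meta-level continuation, i.e. a Python function
    CTriv -> CExp; calling it performs an administrative reduction."""
    if e[0] == "app":
        _, e0, e1 = e

        def after_e0(t0):                      # [t0] C[e1] (...)
            def after_e1(t1):                  # [t1] t0 t1 (lambda v. kappa(v))
                v = f"v{next(fresh)}"
                return ("capp", t0, t1, v, kappa(("v", v)))
            return cps_exp(e1, after_e1, fresh)

        return cps_exp(e0, after_e0, fresh)
    return kappa(cps_triv(e, fresh))           # trivial expression


def cps_triv(t, fresh):
    """C^DTriv: identifiers map to themselves, abstractions translate their body."""
    if t[0] == "var":
        return ("x", t[1])
    _, x, r = t
    return ("clam", x, cps_root(r, fresh))


def ord_root(r):
    """Root judgment of Figure 4: the body is checked against the empty stack."""
    return ord_exp([], r[2])


def ord_exp(xi, e):
    """xi |- e, with xi a Python list whose last element is the stack top."""
    if e[0] == "capp":
        _, t0, t1, v, body = e
        xi0 = ord_triv(ord_triv(xi, t1), t0)   # t1 is consumed before t0
        return xi0 is not None and ord_exp(xi0 + [v], body)
    return ord_triv(xi, e[2]) == []            # k t: t must empty the stack


def ord_triv(xi, t):
    """xi |- t ; xi'.  Returns the remaining stack xi', or None on failure."""
    if xi is None:
        return None
    if t[0] == "x":
        return xi
    if t[0] == "clam":
        return xi if ord_root(t[2]) else None
    # Continuation parameter: it must be exactly the top of the stack.
    return xi[:-1] if xi and xi[-1] == t[1] else None


# lambda x. f x (g x) from Section 1, and the right-to-left CPS term of
# Section 1 typed in by hand (the transformer above is left-to-right only).
DS_EXAMPLE = ("lam", "x", ("app", ("app", ("var", "f"), ("var", "x")),
                                  ("app", ("var", "g"), ("var", "x"))))
RIGHT_TO_LEFT = (
    "rlam", "k", ("ret", "k", ("clam", "x", ("rlam", "k",
        ("capp", ("x", "g"), ("x", "x"), "v2",
         ("capp", ("x", "f"), ("x", "x"), "v1",
          ("capp", ("v", "v1"), ("v", "v2"), "v3",
           ("ret", "k", ("v", "v3")))))))))

if __name__ == "__main__":
    left_to_right = cps_root(DS_EXAMPLE)
    print(left_to_right)
    print("left-to-right term ordered:", ord_root(left_to_right))
    print("right-to-left term ordered:", ord_root(RIGHT_TO_LEFT))
```

The right-to-left term is rejected at `v1 v2`: the operand `v2` is consumed first, but the top of the stack at that point is `v1`.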
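$$
\begin{array}{rcl}
\mathcal{D}^{\mathrm{CRoot}} & : & \mathrm{CRoot} \to \mathrm{DRoot} \\
\mathcal{D}^{\mathrm{CRoot}}[\![\lambda k.e]\!] & = & \mathcal{D}^{\mathrm{CExp}}[\![e]\!] \\[1ex]
\mathcal{D}^{\mathrm{CExp}} & : & \mathrm{CExp} \to \mathrm{DExp} \\
\mathcal{D}^{\mathrm{CExp}}[\![t_0\,t_1\,\lambda v.e]\!] & = & \mathcal{D}^{\mathrm{CExp}}[\![e]\!]\,[v := \mathcal{D}^{\mathrm{CTriv}}[\![t_0]\!]\;\mathcal{D}^{\mathrm{CTriv}}[\![t_1]\!]] \\
\mathcal{D}^{\mathrm{CExp}}[\![k\,t]\!] & = & \mathcal{D}^{\mathrm{CTriv}}[\![t]\!] \\[1ex]
\mathcal{D}^{\mathrm{CTriv}} & : & \mathrm{CTriv} \to \mathrm{DExp} \\
\mathcal{D}^{\mathrm{CTriv}}[\![x]\!] & = & x \\
\mathcal{D}^{\mathrm{CTriv}}[\![\lambda x.r]\!] & = & \lambda x.\,\mathcal{D}^{\mathrm{CRoot}}[\![r]\!] \\
\mathcal{D}^{\mathrm{CTriv}}[\![v]\!] & = & v
\end{array}
$$

Figure 5: The call-by-value DS transformation formulated as a function and using substitutions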

6  The  Direct-Style  Transformation 

Having  formalized  and  proven  the  occurrences  of  continuation  parameters  in  CPS  terms,  we  can 
now  show  the  transformation  from  a  CPS  term  back  to  direct  style.  Note  that  this  transformation 
only  applies  to  terms  satisfying  occurrence  and  ordering  conditions. 

The following implementation uses substitution (see Figure 5). An implementation that uses a
stack $\xi$ without explicitly relying on substitution is also possible (see Figures 6 and 7).

dst_r : croot -> droot -> type.
dst_e : cexp -> dexp -> type.
dst_t : ctriv -> dexp -> type.
%mode -dst_r +R -R'
%mode -dst_e +E -E'
%mode -dst_t +T -T'
%lex {R E T}

dst_r_rlam : dst_r (rlam E) (dexp_droot E')
   <- ({k:ctriv -> cexp}
         ({T:ctriv} {E:dexp} dst_e (k T) E <- dst_t T E)
         -> dst_e (E k) E').

dst_e_capp : dst_e (capp T0 T1 ([v:ctriv] E v)) E'
   <- dst_t T0 E0
   <- dst_t T1 E1
   <- ({v:ctriv} dst_t v (dapp E0 E1) -> dst_e (E v) E').

dst_t_clam : dst_t (clam R) (dtriv_dexp (dlam R'))
   <- ({x:ctriv} {x':dtriv}
         dst_t x (dtriv_dexp x')
         -> dst_r (R x) (R' x')).
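The direct-style transformation above, as an added Python example (not the paper's code): `ds_root` follows the dst_ clauses with an environment in place of substitution, and `ds_root_stack` is one reading of the stack-based alternative the text mentions, assumed here rather than transcribed from Figure 6. The tuple encoding, the function names and the two sample CPS terms are constructed for this example.

```python
"""Direct-style transformation of CPS terms, once with an environment standing
in for substitution and once with a stack of DS expressions.  Added example."""

# CPS: ("rlam", k, e) | ("capp", t0, t1, v, e) | ("ret", k, t)
#      | ("x", x) | ("clam", x, r) | ("v", v)
# DS:  ("var", x) | ("lam", x, r) | ("app", e0, e1)


def ds_root(r, env=None):
    """lambda k. e maps to the DS image of e."""
    return ds_exp(r[2], {} if env is None else env)


def ds_exp(e, env):
    if e[0] == "capp":                          # t0 t1 (lambda v. e)
        _, t0, t1, v, body = e
        call = ("app", ds_triv(t0, env), ds_triv(t1, env))
        return ds_exp(body, {**env, v: call})   # body with v := t0' t1'
    return ds_triv(e[2], env)                   # k t


def ds_triv(t, env):
    if t[0] == "x":
        return ("var", t[1])
    if t[0] == "clam":
        return ("lam", t[1], ds_root(t[2], env))
    return env[t[1]]                            # parameter v: looked up by name


def ds_root_stack(r):
    return ds_exp_stack(r[2], [])


def ds_exp_stack(e, xi):
    """xi is a list of DS expressions; its last element is the stack top."""
    if e[0] == "capp":
        _, t0, t1, _v, body = e
        e1, xi1 = ds_triv_stack(t1, xi)         # same order as the ord_t premises
        e0, xi0 = ds_triv_stack(t0, xi1)
        return ds_exp_stack(body, xi0 + [("app", e0, e1)])
    d, rest = ds_triv_stack(e[2], xi)
    if rest:
        raise ValueError("unused continuation parameters: term is not ordered")
    return d


def ds_triv_stack(t, xi):
    if t[0] == "x":
        return ("var", t[1]), xi
    if t[0] == "clam":
        return ("lam", t[1], ds_root_stack(t[2])), xi
    if not xi:
        raise ValueError("empty stack: term is not ordered")
    return xi[-1], xi[:-1]                      # parameter v: pop, name ignored


def sample_cps(first, second, v_first, v_second):
    """Constructed sample:
    lambda k. k (lambda x. lambda k. first x (lambda v_first.
        second x (lambda v_second. v1 v2 (lambda v3. k v3))))"""
    return ("rlam", "k", ("ret", "k", ("clam", "x", ("rlam", "k",
        ("capp", ("x", first), ("x", "x"), v_first,
         ("capp", ("x", second), ("x", "x"), v_second,
          ("capp", ("v", "v1"), ("v", "v2"), "v3",
           ("ret", "k", ("v", "v3")))))))))


LEFT_TO_RIGHT = sample_cps("f", "g", "v1", "v2")   # satisfies the ordering
RIGHT_TO_LEFT = sample_cps("g", "f", "v2", "v1")   # violates the ordering

if __name__ == "__main__":
    for name, term in (("left-to-right", LEFT_TO_RIGHT),
                       ("right-to-left", RIGHT_TO_LEFT)):
        print(name, "by name :", ds_root(term))
        print(name, "by stack:", ds_root_stack(term))
```

On the left-to-right term both functions return the DS term for λx.f x (g x). On the right-to-left term the stack version swaps operator and operand, which is why the transformation is restricted to terms satisfying the ordering conditions.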
[Figure 6 defines three functions; only their types are legible:
D^CRoot : CRoot → DRoot
D^CExp : CExp → List(DExp) → DExp
D^CTriv : CTriv → List(DExp) → (DExp × List(DExp))]

where "let x = e in b" abbreviates "([x]b)(e)" and thus denotes an administrative reduction.

Figure 6: The call-by-value DS transformation formulated as a function and using a stack
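The two formulations side by side, as an added Python example (not the authors' Elf code): `dst_subst` follows the substitution-based clauses of `dst_r`, `dst_e` and `dst_t`, and `dst_stack` carries the pending applications on a stack. The tuple encoding, the name check on each pop, the helpers `conforms` and `sample`, and the sample terms are assumptions of this example; the stack version assumes left-to-right sequencing.

```python
# Constructed tuple encoding (an assumption of this example, not the Elf signature):
#   ("rlam", e) = \k.e   ("capp", t0, t1, v, e) = t0 t1 (\v.e)   ("cret", t) = k t
#   ("var", n) = x or v  ("clam", x, r) = \x.r   DS: ("var", n), ("lam", x, b), ("app", e0, e1)
def dst_subst(n, env=None):
    """Substitution version: each v is replaced by the application it names."""
    env = env or {}
    if n[0] in ("rlam", "cret"):
        return dst_subst(n[1], env)
    if n[0] == "var":
        return env.get(n[1], n)
    if n[0] == "clam":
        return ("lam", n[1], dst_subst(n[2], env))
    _, t0, t1, v, body = n
    return dst_subst(body, {**env, v: ("app", dst_subst(t0, env), dst_subst(t1, env))})

def dst_stack(r):
    """Stack version: every v must be consumed exactly once, in LIFO order."""
    stack, bound, e = [], set(), r[1]
    def triv(t):
        if t[0] == "clam":
            return ("lam", t[1], dst_stack(t[2]))    # fresh stack for the body
        if t[1] not in bound:
            return t                                 # ordinary variable x
        if not stack or stack[-1][0] != t[1]:
            raise ValueError(f"{t[1]} violates the stack discipline")
        return stack.pop()[1]
    while e[0] == "capp":
        _, t0, t1, v, body = e
        e1, e0 = triv(t1), triv(t0)                  # rightmost operand pops first
        bound.add(v)
        stack.append((v, ("app", e0, e1)))
        e = body
    out = triv(e[1])
    if stack:
        raise ValueError("continuation parameter left unused on the stack")
    return out

def conforms(r):                                     # hypothetical helper
    try:
        return dst_stack(r) is not None
    except ValueError:
        return False

def sample(calls):    # constructed CPS form of lambda x. f x (g x); calls = sequencing order
    e = ("capp", ("var", "v1"), ("var", "v2"), "v3", ("cret", ("var", "v3")))
    for fn, v in reversed(calls):
        e = ("capp", ("var", fn), ("var", "x"), v, e)
    return ("rlam", ("cret", ("clam", "x", ("rlam", e))))
LTR, RTL = sample([("f", "v1"), ("g", "v2")]), sample([("g", "v2"), ("f", "v1")])
```

Both functions map `LTR` to the same DS term; `dst_stack` rejects `RTL`, where `g x` is sequenced first and the parameters are therefore not consumed in the order the left-to-right stack expects.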
7 Related Work

The structure of CPS terms has been little investigated. Most authors (e.g., Wand and Oliva [18])
implicitly rely on conformant CPS terms to run them on a stack machine.

In their work on reasoning about CPS programs, Sabry and Felleisen also rely on the unicity of
continuations parameters in the pure λ-calculus [14, 15].

In their work on separating stages in the CPS transformation [7], Lawall and Danvy noticed that
the sequencing order encoded in CPS terms is accounted for by the occurrences of parameters of
continuations. In his work on the DS transformation [2], Danvy characterized the ordering of Figure
4, but did not prove it formally. During spring 1993, Danvy and Pfenning carried out the work
reported here. Later, in her PhD work on the inverseness of the CPS and the DS transformations,
Lawall independently proved by hand a similar ordering [6, Appendix A.1.1].

8 Conclusion and Issues

We have formalized and proven the occurrences of continuation parameters and of formal
parameters of continuations in CPS terms. This new knowledge about continuations parameters in CPS
terms can enable their more efficient implementation. For example, the transformation of
conforming CPS terms back to direct style can be implemented using a stack to carry out substitutions
(see Figures 6 and 7). This new formulation also makes it simpler to prove that the CPS and the
DS transformations are inverses of each other [6] and to automate this proof.

The implementation in Elf is small but non-trivial. It captures the computational content of the
translations and the meta-theoretic reasoning in a declarative, yet executable way. The framework
is built around the notions of substitution and meta-level function, which leads to a very elegant
and direct encoding. This representation is unusual in that it requires third-order constants (since it
abstracts over continuations), thus exemplifying a new technique for representing deductive systems
in LF that is interesting in its own right. Since the encoding suggested the proof technique, this paper
demonstrates, on a small scale, the value of a logical framework as a conceptual tool in the study
of the theory of programming languages.

A Occurrences of Continuations Parameters

Here we present the implementation of the occurrence condition on continuations parameters in CPS
terms resulting from a CPS transformation (see Figure 3). Again, we use a third-order judgment.

occ_r: croot -> type.  %name occ_r KR
occ_e: ((ctriv -> cexp) -> cexp) -> type.  %name occ_e KE
occ_t: ctriv -> type.  %name occ_t KT

%mode -occ_r +R
%mode -occ_e +E
%mode -occ_t +T
%lex {R E T}

occ_r_rlam: occ_r (rlam E)
   <- occ_e E.

occ_e_capp: occ_e ([k:ctriv -> cexp] capp T0 T1 ([v:ctriv] (E k v)))
   <- occ_t T0
   <- occ_t T1
   <- ({v:ctriv}
       occ_t v
       -> occ_e ([k:ctriv -> cexp] (E k v))).

occ_e_cret: occ_e ([k:ctriv -> cexp] k T)
   <- occ_t T.

occ_t_clam: occ_t (clam R)
   <- ({x:ctriv}
       occ_t x
       -> occ_r (R x)).

%mode -occ_k +K
%lex K

occ_k: ((ctriv -> cexp) -> (ctriv -> cexp)) -> type.  %name occ_k KK

occ_k_k : occ_k K
   <- ({t:ctriv}
       occ_t t
       -> occ_e ([k:ctriv -> cexp] K k t)).

Next is the implementation of the proof that the CPS transformation of DS terms yields CPS
terms that satisfy the occurrence conditions of continuations parameters.

kproof_r : cst_r R R' -> occ_r R' -> type.
kproof_e : ({k:ctriv -> cexp} cst_e E (K k) (E' k))
           -> occ_k K -> occ_e E' -> type.
kproof_t : cst_t T T' -> occ_t T' -> type.

%mode -kproof_r +CR -KR
%mode -kproof_e +CE +KK -KE
%mode -kproof_t +CT -KT
%lex {CR CE CT}

kproof_r_dexp : kproof_r (cst_r_dexp CE) (occ_r_rlam KE)
   <- kproof_e CE (occ_k_k [t:ctriv] [KT:occ_t t] occ_e_cret KT)
      KE.

kproof_e_dapp : kproof_e ([k:ctriv -> cexp] cst_e_dapp (CE0 k) (CE1 k))
      (occ_k_k KE') KE
   <- ({t0:ctriv} {KT0:occ_t t0}
       kproof_e ([k] CE1 k t0)
          (occ_k_k [t1:ctriv] [KT1:occ_t t1]
             occ_e_capp KE' KT1 KT0)
          (KE1 t0 KT0))
   <- kproof_e CE0 (occ_k_k KE1) KE.

kproof_e_dtriv : kproof_e ([k:ctriv -> cexp] cst_e_dtriv CT) (occ_k_k KE')
      (KE' T' KT)
   <- kproof_t CT KT.

kproof_t_dlam : kproof_t (cst_t_dlam CR) (occ_t_clam KR)
   <- ({x:dtriv} {x':ctriv}
       {Cx:cst_t x x'} {Kx':occ_t x'}
       kproof_t Cx Kx' -> kproof_r (CR x x' Cx) (KR x' Kx')).